Skip to content
This repository has been archived by the owner on Oct 15, 2022. It is now read-only.

Commit

Permalink
Merge pull request #3884 from adityatandon007/adityatandon/tshark
Browse files Browse the repository at this point in the history 
TShark Cheat Sheet
  • Loading branch information
@gautamkrishnar
gautamkrishnar authored Feb 6, 2017
2 parents 6cd3412 + 992018b commit a22710e
Showing 1 changed file with 178 additions and 0 deletions.
178 changes: 178 additions & 0 deletions share/goodie/cheat_sheets/json/tshark.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,178 @@
{
"id": "tshark_cheat_sheet",
"name": "Tshark",
"description": "A network protocol analyzer",
"metadata": {
"sourceName": "Wireshark.org",
"sourceUrl": "https://www.wireshark.org/docs/man-pages/tshark.html"
},
"aliases": [
"command line wireshark",
"terminal wireshark"
],
"template_type": "terminal",
"section_order": [
"Installation",
"Lower Case Options",
"Upper Case Options",
"Special Options"
],
"sections": {
"Installation": [
{
"key": "sudo apt-get install tshark",
"val": "Install TShark on Ubuntu"
},
{
"key": "tshark -i wlan0 -w capture-output.pcap",
"val": "Basic Usage"
}
],
"Lower Case Options": [
{
"key": "-a <capture autostop condition>",
"val": "Specify a criterion that specifies when TShark is to stop writing to a capture file"
},
{
"key": "-b <capture ring buffer option>",
"val": "Run Tshark in \"multiple files\" mode. Ex: -b filesize:1000 -b files:5 results in a ring buffer of five files of size one megabyte each"
},
{
"key": "-c <capture packet count>",
"val": "Set the maximum number of packets to read when capturing live data. If reading a capture file, set the maximum number of packets to read"
},
{
"key": "-d <layer type>==<selector>,<decode-as protocol>",
"val": "Specify how a layer type should be dissected. Ex: -d tcp.port==8888,http will decode any traffic running over TCP port 8888 as HTTP"
},
{
"key": "-e <field>",
"val": "Add a field to the list of fields to display if -T fields is selected"
},
{
"key": "-f <capture filter>",
"val": "Set the capture filter expression"
},
{
"key": "-h",
"val": "Print the version and options and exits"
},
{
"key": "-i <capture interface> | -",
"val": "Set the name of the network interface or pipe to use for live packet capture"
},
{
"key": "-n",
"val": "Disable network object name resolution (such as hostname, TCP and UDP port names); the -N flag might override this one"
},
{
"key": "-p",
"val": "Don't put the interface into promiscuous mode"
},
{
"key": "-r <infile>",
"val": "Read packet data from infile, can be any supported capture file format (including gzipped files)"
},
{
"key": "-s <capture snaplen>",
"val": "Set the default snapshot length to use when capturing live data"
},
{
"key": "-u <seconds type>",
"val": "Specifies the seconds type. Valid choices are: s for seconds hms for hours, minutes and seconds"
},
{
"key": "-v",
"val": "Print the version and exit"
},
{
"key": "-w <outfile> | -",
"val": "Write raw packet data to outfile or to the standard output if outfile is '-'"
},
{
"key": "-x",
"val": "Print a hex and ASCII dump of the packet data after printing the summary"
},
{
"key": "-y <capture link type>",
"val": "Set the data link type to use while capturing packets. The values reported by -L are the values that can be used"
}
],
"Upper Case Options": [
{
"key": "-B <capture buffer size>",
"val": "Set capture buffer size (in MiB, default is 2 MiB)"
},
{
"key": "-C <configuration profile>",
"val": "Run with the given configuration profile"
},
{
"key": "-D",
"val": "Print a list of the interfaces on which TShark can capture, and exit"
},
{
"key": "-E <field print option>",
"val": "Set an option controlling the printing of fields when -T fields is selected"
},
{
"key": "-F <file format>",
"val": "Set the file format of the output capture file written using the -w option"
},
{
"key": "-H <input hosts file>",
"val": "Read a list of entries from a \"hosts\" file, which will then be written to a capture file"
},
{
"key": "-I",
"val": "Put the interface in \"monitor mode\"; this is supported only on IEEE 802.11 Wi-Fi interfaces, and supported only on some operating systems"
},
{
"key": "-K <keytab>",
"val": "Load kerberos crypto keys from the specified keytab file. Ex: -K krb5.keytab"
},
{
"key": "-N <name resolving flags>",
"val": "Turn on name resolving only for particular types of addresses and port numbers, with name resolving for other types of addresses and port numbers turned off"
},
{
"key": "-Q",
"val": "When capturing packets, only display true errors"
},
{
"key": "-S <separator>",
"val": "Set the line separator to be printed between packets"
},
{
"key": "-V",
"val": "Print a view of the packet details"
},
{
"key": "-W <file format option>",
"val": "Save extra information in the file if the format supports it"
},
{
"key": "-X <eXtension options>",
"val": "Specify an option to be passed to a TShark module. The eXtension option is in the form extension_key:value"
},
{
"key": "-Y <displaY filter>",
"val": "Applies specified filter before printing a decoded form of packets or writing packets to a file"
}
],
"Special Options": [
{
"key": "-2",
"val": "Perform a two-pass analysis. Also permits reassembly frame dependencies to be calculated correctly"
},
{
"key": "-G",
"val": "A special mode to dump one of several types of internal glossaries and then exit"
},
{
"key": "-z <statistics>",
"val": "Collects various types of statistics and display the result after finishing reading the capture file"
}
]
}
}

0 comments on commit a22710e

Please sign in to comment.